Nowadays, the tools we use to browse the internet require us to follow security standards. Otherwise, they tend to flag our web applications/sites as insecure. This can be very stressful. I myself have been struggling with this situation for some time on every Laravel application I have built. Below is an overview of the steps that you can take to make sure your Laravel application is always secure (and with HTTPS). STEP 1 First, you need to purchase an SSL certificate from your desired hosting provider or certificate authority. After you have purchased your desired SSL certificate, move to install it to your server and follow the processes below to make sure your Laravel application always points to https. Force HTTPS With Middleware To force redirect a HTTP URL to HTTPS you can use middleware to handle the redirect. This is just a simple solution and doesn’t require a change to the server. You can make the middleware by running “ ” PHP artisan make:middleware HttpsMiddleware and it will generate a file similar to the one below (or just copy and paste this file in ). app/Http/Middleware/HttpsMiddleware.php This will check if the request is secure, if it is not secure, it will redirect the user to the secure/HTTPS URL. namespace App\Http\Middleware;

use Closure;
use Illuminate\Support\Facades\App;

class HttpsMiddleware
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        if (!$request->secure() && app()->environment('production')) {
            return redirect()->secure($request->getRequestUri());
        }

        return $next($request);
    }
} Then in your Kernel which is found on ( ) you can place the created middleware in the web group, which is applied to every request to your Laravel application. app/Http/Kernel.php See below: protected $middlewareGroups = [
    'web' => [
       \App\Http\Middleware\EncryptCookies::class,

       \Illuminate\Routing\Middleware\SubstituteBindings::class,
       \App\Http\Middleware\HttpsMiddleware::class
    ],

    'api' => [
        'throttle:60,1',
    ],
]; Force HTTPS with Nginx Change Nginx server configuration to the following: server {
    listen 80;
    listen [::]:80;
    server_name yoursite.com www.yoursite.com; 
    return 301 https://yoursite.com$request_uri;
} What this does is listen on port 80 (HTTP traffic) and redirect all traffic to example.com & to the new HTTPS-URL, yoursite.com/*. yoursite www. .com Based on the , Nginx will redirect the user to its original URL but then the HTTPS version. $request_uri parameter Force HTTPS with .htaccess (Most Common) You can also force HTTPS on the file it’s possible to redirect all your HTTP requests to HTTPS. It’s just a few lines of code, that will check if the request is not HTTPS, if so, it will be redirected to the HTTPS version of your application. .htaccess RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301] Thanks for reading the article! If you enjoyed it, please don’t forget to show your appreciation by clicking 👏 below! Any questions or comments hit me up on: Before you go… Mail: epmnzava@gmail.com Twitter: https://twitter.com/epmnzava Github: https://github.com/dbrax Also published here.

Twitter

How to Upgrade a Laravel App to the Latest Version

Using Components in Laravel: A Gentle Introduction

Nominated for 2022 - HackerNoon Contributor of the Year - Laravel

Nominated for 2022 - HackerNoon Contributor of the Year - Php

Nominated for 2022 - HackerNoon Contributor of the Year - Software Engineering

Nominated for 2022 - Software Developer of the Year

Nominated for 2022 - HackerNoon Contributor of the Year - Open Source

Too Long; Didn't Read

How to Secure Your Laravel Application 

How to Secure Your Laravel Application

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A Quick Guide to Upgrading Laravel to Version 9 🚀

104 Stories To Learn About Go

105 Stories To Learn About Functional Programming

100+ Free Pluralsight Courses to learn Python, Java, and Spring Boot

10 Websites to Learn JavaScript for Beginners

104 Stories To Learn About Programming Top Story

A Quick Guide to Upgrading Laravel to Version 9 🚀

104 Stories To Learn About Go

105 Stories To Learn About Functional Programming

100+ Free Pluralsight Courses to learn Python, Java, and Spring Boot

10 Websites to Learn JavaScript for Beginners

104 Stories To Learn About Programming Top Story

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps